OT: phishing issue



Hi

I know (or think) this isn't a virus issue, but can't see anywhere that
might be more suitable.

I just received an email, purportedly from the IRS (taxrefund@sri.gov  - but
I've reversed the first letters after the @ here for safety) telling me I
can claim a tax refund by following a link.

Which is great since the IRS is American and I live and work in the UK.
Kinda makes me suspect that maybe, perhaps, just possibly this is a
phoney!!!

However, what I'm curious about is that the link is (and here I'm reversing
the word login to prevent anyone using it)
https://online.hmrc.gov.uk/nigol?GAREASONCODE=-2&GARESOURCEID=Common&GAURI

Which appears to be a genuine link.

Googling shows me that this same scam was around in America in 2005, using a
genuine link to the IRS, but then utilising a fault on that site to
immediately redirect to the phoney site.

Out of curiosity does anyone know how this one works?


 


Re: OT: phishing issue



wasted wrote:


The U.S. IRS never sends unsolicited email to random people. There's a
clue!


Did you read the email in HTML format?  Look at the source (or via Plain
Text) and see what the real link is. (Reason enough to *not* read email
in HTML mode.)


As you surmise. It's a socially-engineered phishing attempt to get you
to reveal personal information -- possibly so the scammer can drain your
bank account.

--
   -bts
   -Friends don't let friends drive Windows

Re: OT: phishing issue



On 10/09/2008 09:53 AM, Beauregard T. Shagnasty sent:

...and report the phishing attempt as is appropriate for your government.

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: OT: phishing issue



1PW wrote:


Good point.  Thanks for thinking of it.  :-)

--
   -bts
   -Friends don't let friends drive Windows

Re: OT: phishing issue



barcrnahgjuvfgyr@nby.pbz says...

In addition, it can be forwarded to this address:

phishing@irs.gov

--
James E. Morrow
 Email to: jamesemorrow@email.com

Re: OT: phishing issue



On Thu, 9 Oct 2008 14:54:35 -0500, James Morrow



For UK people, go here for current scams from Revenue and Customs:

http://www.hmrc.gov.uk/security/fraud-attempts.htm

Re: OT: phishing issue






Which I spotted!

No - all mail/messages are viewed in text only

Don't know how to do that, that's why I'm asking here.


And my question was - how does this particular scam work when the link
appears to be genuine. I seek enlightenment!
 


Re: OT: phishing issue



wasted wrote:


Just above you say "viewed in text only." You're using Windows Mail
(successor to Outlook Express), which I think has Tools > Options
somewhere to make sure you are reading mail in just text. No HTML.

Personally, I would switch to a more secure application. Thunderbird is
frequently recommended.


Not being a UKian, I don't know what value visiting a legitimate UK
revenue service page would do to benefit a scammer. Probably none.
Normally, these phishing scams have a real URL in the HTML, but the
underlying source text would read something like:

<a href="http://phishingsite.com/">http://somerealsite.com/</a>

...where the bad URL is frequently by IP address, or a sub-sub-directory
of someone else's hacked web site.

Remaining un-gullible is the best defense.  <g>

--
   -bts
   -Friends don't let friends drive Windows
